Add new configuration parameter ssl_renegotiation_limit to control how often
we do session key renegotiation for an SSL connection
(Magnus)

This can be set to zero to disable renegotiation
completely, which may be required if a broken SSL library
is used. In particular, some vendors are shipping stopgap
patches for CVE-2009-3555 that cause renegotiation attempts
to fail.

Make substring() for
bit types treat any negative length
as meaning "all the rest of the
string" (Tom)

The previous coding treated only -1 that way, and would
produce an invalid result value for other negative values,
possibly leading to a crash (CVE-2010-0442).

When reading pg_hba.conf and
related files, do not treat @something as a file inclusion request if
the @ appears inside quote marks;
also, never treat @ by itself as a
file inclusion request (Tom)

This prevents erratic behavior if a role or database
name starts with @. If you need to
include a file whose path name contains spaces, you can
still do so, but you must write @"/path
to/file" rather than putting the quotes around the
whole construct.

Prevent infinite loop on some platforms if a directory
is named as an inclusion target in pg_hba.conf and related files (Tom)

Ensure PL/Tcl initializes the Tcl interpreter fully
(Tom)

The only known symptom of this oversight is that the Tcl
clock command misbehaves if using
Tcl 8.5 or later.

Prevent crash in contrib/dblink when too many key columns
are specified to a dblink_build_sql_* function (Rushabh
Lathia, Joe Conway)